| # | CVSS | Severity | Attack vector | Vendor | Product | Description | Status | CWE | CVE | Added | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 111 | 8.8 | HIGH | Network | - | - | Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to… | New | CWE-862 Missing Authorization | CVE-2026-57518 | 2026-06-27 02:49 | 2026-06-27 |
| 112 | 6.5 | MEDIUM | Network | joomlaworks | k2 | The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/` | New | CWE-862 Missing Authorization | CVE-2026-48941 | 2026-06-27 02:44 | 2026-06-26 |
| 113 | 6.1 | MEDIUM | Network | joomlaworks | k2 | K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. | New | CWE-79 Cross-site Scripting | CVE-2026-48942 | 2026-06-27 02:44 | 2026-06-26 |
| 114 | 6.5 | MEDIUM | Network | joomlaworks | k2 | K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, … | New | CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes | CVE-2026-48943 | 2026-06-27 02:43 | 2026-06-26 |
| 115 | 6.5 | MEDIUM | Network | joomlaworks | k2 | The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and the… | New | CWE-22 Path Traversal | CVE-2026-48944 | 2026-06-27 02:43 | 2026-06-26 |
| 116 | 5.3 | MEDIUM | Network | joomlaworks | k2 | The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (incl… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-48945 | 2026-06-27 02:43 | 2026-06-26 |
| 117 | 6.3 | MEDIUM | Network | joomlaworks | k2 | The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload … | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-48946 | 2026-06-27 02:43 | 2026-06-26 |
| 118 | 8.4 | HIGH | Local | deno | deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path su… | New | CWE-41 Improper Resolution of Path Equivalence; CWE-176 Improper Handling of Unicode Encoding | CVE-2026-49401 | 2026-06-27 02:43 | 2026-06-24 |
| 119 | 3.4 | LOW | Network | joomlaworks | k2 | A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped t… | New | CWE-79 Cross-site Scripting | CVE-2026-48940 | 2026-06-27 02:41 | 2026-06-26 |
| 120 | 8.1 | HIGH | Network | deno | deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() helper used when callers passed shell: true to spawn … | New | CWE-78 OS Command Injection | CVE-2026-49402 | 2026-06-27 02:33 | 2026-06-24 |